Debian Security Advisory

DSA-547-1 imagemagick -- buffer overflows

Date Reported:
16 Sep 2004
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 268357.
In Mitre's CVE dictionary: CVE-2004-0827.
More information:

Marcus Meissner from SUSE has discovered several buffer overflows in the ImageMagick graphics library. An attacker could create a malicious image or video file in AVI, BMP, or DIB format that could crash the reading process. It might be possible that carefully crafted images could also allow to execute arbitrary code with the capabilities of the invoking process.

For the stable distribution (woody) this problem has been fixed in version

For the unstable distribution (sid) this problem has been fixed in version

We recommend that you upgrade your imagemagick packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.